[CF1] ZTIA troubleshooting guide #25733
Conversation
deadlypants1973
requested review from
a team,
kennyj42,
nikitacano and
ranbel
as code owners
|
This PR requires additional review attention because it affects the following areas: PartialsThis PR updates partial files, which are pieces of content used across multiple files in our Render component.
|
|
This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:
|
|
|
||
| To check the status of your Tunnel: | ||
|
|
||
| 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Routes**. |
There was a problem hiding this comment.
Routes are displayed in the main UI at Networks > Tunnels. Is there any reason why we're not making use of it and are introducing an extra step?
There was a problem hiding this comment.
@nikitacano step 1 above involves looking at the IP of the target, step 2 continues by finding the name of the tunnel that's associated with the IP. We have to assume that the user may not know the exact name of the tunnel. If we jump straight to Tunnels page, they're missing the IP component - which is not completely visible nor searchable on the Tunnels page, but is searchable in the Routes page.
|
|
||
| ### 1. Review Access policies | ||
|
|
||
| A user may be blocked by an Access policy from reaching an SSH target because no explicit allow Access policy exists and Access is set to deny the user by default. |
There was a problem hiding this comment.
"from reaching a target through SSH"
Targets are agnostic of protocol. Let's please avoid referring to them as if there is a type to prevent confusion!
|
|
||
| [Access policies](/cloudflare-one/policies/access/policy-management/) are the rules attached to this Access infrastructure application, determining who can connect and what UNIX usernames they can log in as on the server. Cloudflare will not create new users on the target. UNIX users must already be present on the server. | ||
|
|
||
| You were guided to create an Access policy for your SSH target in [substep 9 of step 5: Add an infrastructure application](#5-add-an-infrastructure-application). |
6 participants
Summary
closes #25295
PCX-18789
Screenshots (optional)
Documentation checklist